It’s unclear if any patient information or medical records were affected by the cybersecurity attack. NRC Health did not confirm the scope of the attack but did say there is no evidence that patient data was breached.
NRC Health CIO Paul Cooper said the company had to shut down its systems following the ransomware attack. In an email to partnering hospitals, which was obtained by CNBC, NRC Health said it had shut down the “entire environment, including client-facing reporting portals, to contain the issue.” Since then, NRC Health has made “significant progress” to restore the systems.
Hospitals have begun to worry if their patients’ data is secure, according to the CNBC report. One hospital CIO, who was not identified by CNBC, said the ransomware attack at NRC Health has been a “major source of irritation internally.” The hospital uses NRC Health to determine how much physicians are paid.
Another CIO who asked for anonymity told CNBC the hospital was concerned that hackers may have accessed confidential information about the hospital itself.
NRC Health sells software to 9,000 healthcare organizations, including Los Angeles-based Cedars-Sinai Medical Center and New Orleans-based Ochsner Medical Center. The company gathers data on more than 25 million healthcare consumers annually.
More articles on cybersecurity:
Texas provider alerts 6,500 patients of phishing attack
Connecticut payer alerts 1,100 members of phishing attack
10 tips for hospitals to mitigate ransomware attacks